[tor-talk] A possible solution to traffic correlation attacks,
notfriendly at riseup.net
notfriendly at riseup.net
Sun Jun 5 21:13:41 UTC 2016
On 2016-06-05 14:34, grarpamp wrote:
> On 6/5/16, Not Friendly <notfriendly at riseup.net> wrote:
>> After about an hour of brain storming I may of found a way to stop
>> traffic
>> correlation attacks. The idea is to add an artificial delay of a few
>> randomized ms (two separate delays, one to the tor exit and another
>> deal on
>> traffic exiting the network) and add an extra chunk of randomized data
>> (just
>> a small random amount of KB that never exits the network). It would
>> make
>> traffic harder to correlate. What are your thoughts on this?
>
> Doesn't work.
> "never exits" - GPA's don't necessarily need to correlate any internal
> flows. They can look only at the endpoints. The minute you insert
> traffic that lights up some other endpoint, in an otherwise
> sufficiently
> quiet network, or distinguishable way (bytes / latency [pump], which is
> made even easier for them if they reign over an endpoint), you're done.
> You need fulltime regulated fill traffic, within which, your traffic
> resides.
So randomizing the times that traffic enters the network and exits the
network wouldn't work? Like it enters a note and 30 ms after received or
another random delay couldn't it exit. It would be harder to correlate
the traffic right?
More information about the tor-talk
mailing list